https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173902 Currently if you run "su - user" (or several other commands that use pam) then the limits for many fields are inherited from the user executing the command. The main problem I have with this is that it gives inconsistent results, particularly in the case of daemons. I have designed a change to the program "runuser" to make it use pam_limits.so so that the limits.conf file will be applied to daemons. But to take advantage of this we need sane values. Currently even with my proposed modification to runuser daemons will still run inconsistently, a daemon may perform differently dependant on whether it was started at system boot or by the action of an administrator. Also some daemons (such as Oracle) are started by "su" which has the same issues. If a daemon is going to fail then it should fail in every situation so the administrator can be aware of the problem and fix it. Alternately if it works in one situation then it should work in others. To deal with this I believe that the default limits.conf file should have entries for every field for every user. This is a little controversial so I'd appreciate feedback on the above bugzilla. We have two issues to resolve, whether to have such a default and what the default should be. In my bug report I have suggested some values taken from default values for rawhide and RHEL4. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
